[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnserve passwd plaintext

From: Duncan Murdoch <murdoch_at_stats.uwo.ca>
Date: 2006-07-15 19:02:31 CEST

On 7/15/2006 11:19 AM, Les Mikesell wrote:

> There are two real issues with plaintext passwords even if you
> trust the adminstrator. One is that vulnerabilities happen and
> files end up in the wrong hands in spite of the best intentions.
> The other is that it is human nature to reuse passwords. Even
> if you trust the admin with access to the subversion files you
> may not trust him to have access to other unrelated accounts
> where you might have used that same password.

David Anderson just posted some good advice: have the admin randomly
generate the password and tell it to the user. (svnserve requires the
admin to enter the password into the config file, so the admin may as
well generate it).

Duncan Murdoch

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Jul 15 19:03:52 2006

This is an archived mail posted to the Subversion Users mailing list.